2019-07-09 10:30:48 +03:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0 */
|
|
|
|
#ifndef __NET_TC_CT_H
|
|
|
|
#define __NET_TC_CT_H
|
|
|
|
|
|
|
|
#include <net/act_api.h>
|
|
|
|
#include <uapi/linux/tc_act/tc_ct.h>
|
|
|
|
|
|
|
|
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
|
|
|
|
#include <net/netfilter/nf_nat.h>
|
|
|
|
#include <net/netfilter/nf_conntrack_labels.h>
|
|
|
|
|
|
|
|
struct tcf_ct_params {
|
2022-11-06 15:34:17 -05:00
|
|
|
struct nf_conntrack_helper *helper;
|
2019-07-09 10:30:48 +03:00
|
|
|
struct nf_conn *tmpl;
|
|
|
|
u16 zone;
|
|
|
|
|
|
|
|
u32 mark;
|
|
|
|
u32 mark_mask;
|
|
|
|
|
|
|
|
u32 labels[NF_CT_LABELS_MAX_SIZE / sizeof(u32)];
|
|
|
|
u32 labels_mask[NF_CT_LABELS_MAX_SIZE / sizeof(u32)];
|
|
|
|
|
|
|
|
struct nf_nat_range2 range;
|
|
|
|
bool ipv4_range;
|
2023-10-24 13:05:51 +02:00
|
|
|
bool put_labels;
|
2019-07-09 10:30:48 +03:00
|
|
|
|
|
|
|
u16 ct_action;
|
|
|
|
|
|
|
|
struct rcu_head rcu;
|
2020-03-03 15:07:49 +02:00
|
|
|
|
|
|
|
struct tcf_ct_flow_table *ct_ft;
|
2020-03-12 12:23:09 +02:00
|
|
|
struct nf_flowtable *nf_ft;
|
2019-07-09 10:30:48 +03:00
|
|
|
};
|
|
|
|
|
|
|
|
struct tcf_ct {
|
|
|
|
struct tc_action common;
|
|
|
|
struct tcf_ct_params __rcu *params;
|
|
|
|
};
|
|
|
|
|
|
|
|
#define to_ct(a) ((struct tcf_ct *)a)
|
2020-02-17 12:12:11 +02:00
|
|
|
#define to_ct_params(a) \
|
|
|
|
((struct tcf_ct_params *) \
|
|
|
|
rcu_dereference_protected(to_ct(a)->params, \
|
|
|
|
lockdep_is_held(&a->tcfa_lock)))
|
2019-07-09 10:30:48 +03:00
|
|
|
|
|
|
|
static inline uint16_t tcf_ct_zone(const struct tc_action *a)
|
|
|
|
{
|
|
|
|
return to_ct_params(a)->zone;
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline int tcf_ct_action(const struct tc_action *a)
|
|
|
|
{
|
|
|
|
return to_ct_params(a)->ct_action;
|
|
|
|
}
|
|
|
|
|
2020-03-12 12:23:09 +02:00
|
|
|
static inline struct nf_flowtable *tcf_ct_ft(const struct tc_action *a)
|
|
|
|
{
|
|
|
|
return to_ct_params(a)->nf_ft;
|
|
|
|
}
|
|
|
|
|
2023-11-13 12:53:28 -05:00
|
|
|
static inline struct nf_conntrack_helper *tcf_ct_helper(const struct tc_action *a)
|
|
|
|
{
|
|
|
|
return to_ct_params(a)->helper;
|
|
|
|
}
|
|
|
|
|
2019-07-09 10:30:48 +03:00
|
|
|
#else
|
|
|
|
static inline uint16_t tcf_ct_zone(const struct tc_action *a) { return 0; }
|
|
|
|
static inline int tcf_ct_action(const struct tc_action *a) { return 0; }
|
2020-03-12 12:23:09 +02:00
|
|
|
static inline struct nf_flowtable *tcf_ct_ft(const struct tc_action *a)
|
|
|
|
{
|
|
|
|
return NULL;
|
|
|
|
}
|
2023-11-13 12:53:28 -05:00
|
|
|
static inline struct nf_conntrack_helper *tcf_ct_helper(const struct tc_action *a)
|
|
|
|
{
|
|
|
|
return NULL;
|
|
|
|
}
|
2019-07-09 10:30:48 +03:00
|
|
|
#endif /* CONFIG_NF_CONNTRACK */
|
|
|
|
|
net/sched: act_ct: Support restoring conntrack info on skbs
Provide an API to restore the ct state pointer.
This may be used by drivers to restore the ct state if they
miss in tc chain after they already did the hardware connection
tracking action (ct_metadata action).
For example, consider the following rule on chain 0 that is in_hw,
however chain 1 is not_in_hw:
$ tc filter add dev ... chain 0 ... \
flower ... action ct pipe action goto chain 1
Packets of a flow offloaded (via nf flow table offload) by the driver
hit this rule in hardware, will be marked with the ct metadata action
(mark, label, zone) that does the equivalent of the software ct action,
and when the packet jumps to hardware chain 1, there would be a miss.
CT was already processed in hardware. Therefore, the driver's miss
handling should restore the ct state on the skb, using the provided API,
and continue the packet processing in chain 1.
Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-03-12 12:23:07 +02:00
|
|
|
#if IS_ENABLED(CONFIG_NET_ACT_CT)
|
2020-06-14 14:12:48 +03:00
|
|
|
static inline void
|
|
|
|
tcf_ct_flow_table_restore_skb(struct sk_buff *skb, unsigned long cookie)
|
|
|
|
{
|
|
|
|
enum ip_conntrack_info ctinfo = cookie & NFCT_INFOMASK;
|
|
|
|
struct nf_conn *ct;
|
|
|
|
|
|
|
|
ct = (struct nf_conn *)(cookie & NFCT_PTRMASK);
|
|
|
|
nf_conntrack_get(&ct->ct_general);
|
|
|
|
nf_ct_set(skb, ct, ctinfo);
|
|
|
|
}
|
net/sched: act_ct: Support restoring conntrack info on skbs
Provide an API to restore the ct state pointer.
This may be used by drivers to restore the ct state if they
miss in tc chain after they already did the hardware connection
tracking action (ct_metadata action).
For example, consider the following rule on chain 0 that is in_hw,
however chain 1 is not_in_hw:
$ tc filter add dev ... chain 0 ... \
flower ... action ct pipe action goto chain 1
Packets of a flow offloaded (via nf flow table offload) by the driver
hit this rule in hardware, will be marked with the ct metadata action
(mark, label, zone) that does the equivalent of the software ct action,
and when the packet jumps to hardware chain 1, there would be a miss.
CT was already processed in hardware. Therefore, the driver's miss
handling should restore the ct state on the skb, using the provided API,
and continue the packet processing in chain 1.
Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-03-12 12:23:07 +02:00
|
|
|
#else
|
|
|
|
static inline void
|
|
|
|
tcf_ct_flow_table_restore_skb(struct sk_buff *skb, unsigned long cookie) { }
|
|
|
|
#endif
|
|
|
|
|
2019-07-09 10:30:48 +03:00
|
|
|
static inline bool is_tcf_ct(const struct tc_action *a)
|
|
|
|
{
|
|
|
|
#if defined(CONFIG_NET_CLS_ACT) && IS_ENABLED(CONFIG_NF_CONNTRACK)
|
|
|
|
if (a->ops && a->ops->id == TCA_ID_CT)
|
|
|
|
return true;
|
|
|
|
#endif
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif /* __NET_TC_CT_H */
|